The access to information, to a room or the like must in many cases be restricted to certain individuals. This is the case, for instance, when electronic money transactions occur via the Internet, when in a hospital the access to case records is to be limited, or when only certain individuals in a place of work are allowed to have access to certain information or certain rooms.
To this end, use is often made of what is referred to as intelligent cards or smart cards. A smart card can be described as a card in the size of an account card which has a built-in processor, a memory and some kind of communication interface, which in its simplest form may consist of one or more metal contacts.
Also so-called hardware tokens work essentially according to the same principle as smart cards. They are typically used in a computer as a key to “unlock” the computer and give a user access to information. The difference compared with a smart card is more of a practical type since a hardware token can be directly inserted into the USB or serial port of a computer while a smart card must be placed in a special smart cart reader which is connected to or incorporated in the computer. For this reason, also the software on the hardware token differs somewhat from the software on smart cards, but their purpose is essentially the same.
On all smart cards that are used in the above contexts, sensitive information is stored in the memory. A first part of the sensitive information is reference information stored in advance about the user of the card. It is with this reference information that a comparison is made every time the card user wishes to verify his right to use the card.
Smart cards also contain a second part of sensitive information which consists of computer files which only the card user may access. They may contain, for example, computer files with private encryption keys, longer passwords or other information that can be used to identify the user. When the card user wants to verify that he has the right to access to the sensitive information stored in the computer files on the smart card, he places the card in a smart card reader and enters a pin code (PIN=Personal Identification Number). The pin code is limited to 16 bytes and usually consists of four digits between zero and nine which are matched with a reference pin code stored on the card. If the pin code corresponds with the reference, “the card is unlocked”, i.e. the user gains access to the computer files containing the sensitive information. Pin codes are presently used in many situations, and many people find it difficult to remember a number of different pin codes. Therefore, many people choose to use the same pin code in a number of different situations, thus deteriorating security.
For this reason, and with a view to further increasing security, alternative solutions have been presented, in which a user instead identifies himself with the aid of biometric information. By biometric information is meant information which is body-related and individual-specific for the user. It may consist of, for instance, the pattern of the user's fingers, palm, iris, or some other information which is not related to appearance but yet individual-specific, such as the user's voice. A method in which a user identifies himself with the aid of his fingerprint typically proceeds as follows:
The user places his smart card in a smart card reader and one finger on a sensor which generates a digital image, i.e. a digital representation, of the fingerprint. The digital image of the fingerprint proceeds to an external processor, for instance a personal computer, where it is preprocessed. In the preprocessing, the amount of information in the image is reduced so that, for instance, a binarised image or parts of a binarised image are generated. A corresponding preprocessed image has been stored on the card as reference information. This reference information is usually referred to as a template. The external processor collects the template from the card and compares this with the preprocessed image of the finger. In case of correspondence, the external processor transmits a pin code to the card. This pin code acts as a key and gives access to the sensitive information stored in the memory of the card. If the template and the preprocessed image information do not correspond with each other, no pin code is transmitted and the user cannot access the computer files with the sensitive information on the card.
Even if biometry is used so that the user will not need to use a pin code, a pin code is still transmitted at the last stage of the verification process since this pin code is necessary for the “unlocking” of specific files containing sensitive information on the smart card. Thus the pin code must be hardcoded either in the software for the application which communicates with the card, or in some hardware in the unit where the card is read and written. Consequently no significant increase of the security is achieved despite the use of biometry since there is still a risk that someone may access the computer files with sensitive information on the card by transmitting the pin code to the card.
A further problem is that the template with which the matching occurs must be read from the card into the external processor in which the comparison with the user's biometric data takes place. In the first place this is a security risk, and in the second place there are directives issued by computer security authorities in certain countries which recommend that a biometric template should never leave the smart card.
One solution to the above problems is presented in Swedish Patent No. 8101707-1 which discloses an account card type data carrier which is provided with verification equipment comprising a sensor on which a user places one of his fingers. The sensor records papillary line information from the user's finger and calculates an identification bit sequence which is compared with a previously stored reference bit sequence. If the bit sequences conform with each other, an acceptance signal is generated, which can activate an indication means or a connecting means which makes the data carrier useable.
Although this solution eliminates the use of pin codes and lets the template remain on the card all the time, certain drawbacks still remain. For instance, the card cannot be a standard type smart card since such a card has no sensor and also does not have sufficient processor capacity to carry out the proposed method.